blob: 4bd9f2be175ee4058c96857b42723e12b76d78a6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
From eb9ded1206f18f2c319157337edea2533a40bea6 Mon Sep 17 00:00:00 2001
From: "Stephen F. Booth" <me@sbooth.org>
Date: Sun, 23 Jul 2017 10:11:09 -0400
Subject: [PATCH] Don't assume TDRC is an instance of TextIdentificationFrame
If TDRC is encrypted, FrameFactory::createFrame() returns UnknownFrame
which causes problems in rebuildAggregateFrames() when it is assumed
that TDRC is a TextIdentificationFrame
Upstream-Status: Backport
[https://github.com/taglib/taglib/pull/831/commits/eb9ded1206f18f2c319157337edea2533a40bea6]
CVE: CVE-2017-12678
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
taglib/mpeg/id3v2/id3v2framefactory.cpp | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/taglib/mpeg/id3v2/id3v2framefactory.cpp b/taglib/mpeg/id3v2/id3v2framefactory.cpp
index 759a9b7b..9347ab86 100644
--- a/taglib/mpeg/id3v2/id3v2framefactory.cpp
+++ b/taglib/mpeg/id3v2/id3v2framefactory.cpp
@@ -334,10 +334,11 @@ void FrameFactory::rebuildAggregateFrames(ID3v2::Tag *tag) const
tag->frameList("TDAT").size() == 1)
{
TextIdentificationFrame *tdrc =
- static_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
+ dynamic_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
UnknownFrame *tdat = static_cast<UnknownFrame *>(tag->frameList("TDAT").front());
- if(tdrc->fieldList().size() == 1 &&
+ if(tdrc &&
+ tdrc->fieldList().size() == 1 &&
tdrc->fieldList().front().size() == 4 &&
tdat->data().size() >= 5)
{
--
2.13.5
|
